IBM Support

User permission for "Tivoli Enterprise Portal Authorities"

Question & Answer


Question

Where is the user permission for "Tivoli Enterprise Portal Authorities" are stored in TEPS database? How can we list them for each user?

 

Answer

Look at the user permission screenshot. The user permission can be modified by selecting user icon from Tivoli Enterprise portal. Only the user has the Administrative privilege can change the user permission for other users. 

                      image

The question is, where are the individual user permissions like Action, Event etc for each user stored.  The user permission is stored in the KFWUSER.AUTH column  of KFWUSER table in TEPS DB and it stored as an unsigned integer.  This value represents a bit-mask, where each bit position corresponds to a specific permission.  Here is the bit-mask mapping to use for bit testing: 

                                              image

for example, 

In my system, for SYSADMIN id the KFWUSER.AUTH value is "252645438" and it has both "View and Modify" Action Permission. 

INSERT INTO KFWUSER ( ID, NAME, TEXT, AFFINITIES, AUTH, AUTHEX, LSTDATE, LSTUSRPRF ) VALUES ( 'SYSADMIN', 'SYSADMIN', 'Administration', '################################00000000000', 252645438, 'FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000000000000000000001', '1171019080326000', 'SYSADMIN' );

How do we get the user permission?

Just to illustrate the example here. the AUTH column in my  example contains the following unsigned integer value:  252645438. This represents the following binary number:

1111000011110001000000111110

So if you use the above mapping , the MODIFY_USER permission is allocated to the bit position representing a value of x'02' in hexadecimal:

MODIFY_USER,                     // X'.......2

which would correspond to the position below in the binary number (bit is on):

00000000000000000000000010

As you can see from the example, this user does have the MODIFY_USER permission, because that bit position is "on" (contains a 1).

 In DB2, there are BIT scalar functions which you should be able to use in an SQL statement to determine if a particular bit within the two's complement representation of the unsigned integer value is on or not. The detailed DB2 query to get the bit is not scope of this document.

https://www.ibm.com/support/knowledgecenter/en/SS6NHC/com.ibm.swg.im.dashdb.sql.ref.doc/doc/r0052628.html

 

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSTFXA","label":"Tivoli Monitoring"},"Component":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"All Versions","Edition":"All Editions","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
23 October 2018

UID

ibm10732475